Guardado en:
Detalles Bibliográficos
Autores principales: Cullen, Andrew C., Liu, Shijie, Montague, Paul, Erfani, Sarah M., Rubinstein, Benjamin I. P.
Formato: Preprint
Publicado: 2023
Materias:
Acceso en línea:https://arxiv.org/abs/2302.04379
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
_version_ 1866909221830787072
author Cullen, Andrew C.
Liu, Shijie
Montague, Paul
Erfani, Sarah M.
Rubinstein, Benjamin I. P.
author_facet Cullen, Andrew C.
Liu, Shijie
Montague, Paul
Erfani, Sarah M.
Rubinstein, Benjamin I. P.
contents In guaranteeing the absence of adversarial examples in an instance's neighbourhood, certification mechanisms play an important role in demonstrating neural net robustness. In this paper, we ask if these certifications can compromise the very models they help to protect? Our new \emph{Certification Aware Attack} exploits certifications to produce computationally efficient norm-minimising adversarial examples $74 \%$ more often than comparable attacks, while reducing the median perturbation norm by more than $10\%$. While these attacks can be used to assess the tightness of certification bounds, they also highlight that releasing certifications can paradoxically reduce security.
format Preprint
id arxiv_https___arxiv_org_abs_2302_04379
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Et Tu Certifications: Robustness Certificates Yield Better Adversarial Examples
Cullen, Andrew C.
Liu, Shijie
Montague, Paul
Erfani, Sarah M.
Rubinstein, Benjamin I. P.
Machine Learning
Cryptography and Security
I.2.6; I.4.9
In guaranteeing the absence of adversarial examples in an instance's neighbourhood, certification mechanisms play an important role in demonstrating neural net robustness. In this paper, we ask if these certifications can compromise the very models they help to protect? Our new \emph{Certification Aware Attack} exploits certifications to produce computationally efficient norm-minimising adversarial examples $74 \%$ more often than comparable attacks, while reducing the median perturbation norm by more than $10\%$. While these attacks can be used to assess the tightness of certification bounds, they also highlight that releasing certifications can paradoxically reduce security.
title Et Tu Certifications: Robustness Certificates Yield Better Adversarial Examples
topic Machine Learning
Cryptography and Security
I.2.6; I.4.9
url https://arxiv.org/abs/2302.04379